Source of Acquisition 
NASA Johnson Space Center 


RISK MANAGEMENT FOR THE 
INTERNATIONAL SPACE STATION 

J. Sebastian Perera, PhD, JD & Philip Brezovic 
Lyndon B. Johnson Space Center 
Houston, Texas 

iperera@ems.isc.nasa.gov , pbrezovi@ems.isc.nasa.gov 


INTRODUCTION 

The International Space Station (ISS) is an 
extremely complex system, both technically and 
programmatically. The Space Station must 
support a wide range of payloads and missions. 
It must be launched in numerous launch 
packages and be safely assembled and operated 
in the harsh environment of space. It is being 
designed and manufactured by many 
organizations, including the prime contractor, 
Boeing, the NASA institutions, and 
international partners and their contractors. 
Finally, the ISS has multiple customers, (e.g., 
the Administration, Congress, users, public, 
international partners, etc.) with contrasting 
needs and constraints. It is the ISS Risk 
Management Office strategy to proactively and 
systematically manages risks to help ensure ISS 
Program success. 

ISS CONTINOUS RISK MANAGEMENT 
STRATEGY 

The purpose of risk management is to identify 
risks and threats in the program early so that 
appropriate mitigation plans can be developed 
and implemented to reduce the consequences of 
the risk or likelihood that the risk will occur. 
This Continuous Risk Management (CRM) 
process will provide systematic methods for 
identifying, analyzing, abating, and 
communicating risks on a continual basis. 

The strategy of the ISS Program to manage risk 
includes: 


a. Embed risk management processes into 
normal day-to-day activities to identify and 
help manage all risks and potential threats. 

b. Delegate risk-management responsibility to 
the lowest possible organization with the 
allocated resources to mitigate or accept the 
risk. 

c. Dedicate a Program Risk Management 
organization to lead program-level risk- 
management activities, facilitate the risk- 
management processes, and provide 
analytical support and tools including 
Probabilistic Risk Assessments (PRAs), 

ISS Risk Management processes training 
and other risk-management assistance to 
managing organizations. 

d. Provide the necessary costs analysis and 
funding to address all risks and potential 
threats to the ISS. This includes integrating 
the cost process within one risk system. 

All Space Station program management 
organizations are responsible for performing the 
following functions under this risk 
methodology: 

a. Manage their ISS managing organizations 
risks by: 

(1) Routinely identifying and documenting 
risks. 

(2) Assessing probability and 
consequences of occurrence of the risk 
(technical, schedule & cost) and score 
by using the standardized risk tool. 

(3) Identifying and documenting risk- 
mitigation options and analyzing their 
impacts and uncertainties throughout 
the program. 
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(4) Manage risks including developing 
risk-mitigation plan options and 
ensuring its implementation. 

(5) Delegate as much responsibility and 
authority to manage, track and mitigate 
risks to the lowest level. 

b. Report risk-management status and issues 
to the Managing Organization control board 
or panel, and monitor the risk-management 
activity of all levels of the Managing 
Organization. Communicate throughout 
the program so that inputs and 
consequences can be better managed. 

c. Integrate consideration of risk into all major 
decisions and throughout the entire 
development cycle. The continuous risk 
management process is depicted in Figure 

1. 



Figure 1 ISS Continuous Risk Management Process 


The ISS Program Risk Management office 
develops and implements standard risk- 
management processes and tools that encompass 
both qualitative and quantative risk 
methodologies. This is supported by integrated 
user training on the process and supporting 
infrastructure (e.g., databases and quantative and 
qualitative analysis tools). Several types of 
industry accepted tools and techniques for risk 
management are shown in Figure 2. 
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Figure 2 Tools and Techniques for Continuous Risk 
Management 


PROGRAM RISK MANAGEMENT 
PROCESS 

The purpose of risk management is to identify 
risks early in the program so that appropriate 
mitigation plans can be put into place to 
effectively reduce the risk or prevent the risk 
from occurring. The ISS risk management 
process provides systematic methods for 
identifying, analyzing, mitigating, and 
communicating risks. 

The risk management process promotes the use 
of risk management techniques and tools in 
making decisions. The process must require all 
associated personnel to bring risk information 
within the risk management infrastructure. 
Specifically, the risk process should assess 
continually what could go wrong (risks), 
determine which risks are important to deal 
with, implement strategies to deal with those 
risks, and measure effectiveness of the 
implemented strategies. The benefits of 
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implementing an effective risk management 
process include increasing the likelihood of 
mission success, assisting the program in 
understanding what can go wrong, enabling 
better use of resources through prioritization, 
and promoting teamwork, communication, and 
smart decision making. Risk management 
should permeate throughout all facets of project 
management as seen in Figure 3. 
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Figure 3 Risk Management Coverage 


ISS Risk Data Application (IRMA) 

The ISS program office uses an integrated risk 
management database called IRMA to manage 
risks and communicate risk data throughout all 
ISS managing organizations. A characterization 
of each risk, its matrix location (severity), and 
the mitigation tasks are entered into this 
database. Managing organizations use this 
database application to effectively manage and 
track each risk and to gain insight into impacts 
from other managing organization risks. All 
cost issues are tracked in detail through this 
database. 

Items in the database are tiered. Low level 
items that lack definition or are too far “over the 
horizon” are labeled “Concerns.” More 
detailed/de fined items are known as “Watch 


Items”. Top level issues are defined as “Risks.” 
Each level requires higher levels of 
authorizations and scrutiny, see Figure 4. 
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Figure 4 Risk DB Tiered Levels 

IRMA facilitates each ISS managing 
organization’s review of sub-organization risks. 
When a managing organization reviews its sub- 
organization risks, it records whether it agrees 
with the data and whether it chooses to elevate 
that risk. Risks at that level will be reviewed by 
the Program Risk Advisory Board and may be 
given resources to mitigate the risk. At each 
level of elevation, managing organizations can 
assign their own score and rank after 
considering the more global aspects of the risk. 

IRMA is intended as a day-to-day tool for 
managing organizations and their risks. 
Managing organizations should review their 
risks at their respective organization’s 
board/panel on a bi-weekly basis (at all levels of 
boards and panels). 

The managing organization generates mitigation 
plans for risks as appropriate. Each mitigation 
plan includes the specific tasks that will be 
conducted to either decrease the likelihood of 
the risk occurring or lessen the severity of the 
consequences. As each mitigation task is 
completed, the responsible managing 
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organization records the completion of the task 
in IRMA and re-scores the risk considering the 
task’s results (the effects on the risk). By 
keeping scores updated, a managing 
organization’s current top risks can be readily 
identified or the status of any risk in the system. 

A number of metrics measure program risk- 
management trends using data contained in the 
IRMA. This allows for trend analysis to further 
identify new potential risks and assist in the 
management of all risks. The metrics will also 
scutinized the effectiveness and compliance in 
the ISS Risk Management Process by individual 
organizations. 

Program Risk Advisory Board 

The top-level program risk board is the Program 
Risk Advisory Board (PRAB). The objective of 
the PRAB is to assist the ISS Program Manager 
in managing the top risks of the ISS Program. 
The PRAB has representatives from each 
managing organization, prime contractor, other 
NASA centers and international partners. 

At each PRAB, the IRMA is utilized to review 
the top ranked risks of each managing 
organization. The PRAB reviews the risk 
magnitudes from the Program Manager’s 
perspective. The ISS Program Manager 
scrutinizes the management of all risks and 
assigns resources and actions as appropriate. 
Mitigation plans and status are reviewed and 
recommended actions for additional risk- 
mitigation activities and resources are 
formulated. 

Risk Summary Card 

The ISS Risk Summary Card is a management 
tool used to assist in the identification and 
scoring of all risks. It provide a quick overview 
of the risk management process and the risk- 
scoring tool. There are guidelines and checklists 
for all steps in the risk management process 
with definitions and standardized scoring 
(likelihood & consequence) for risks. This tool 
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provides a way all program-managing 
organizations can measure risk likelihood, 
consequence, and magnitude (in a program-wide 
consistent manner). It allows risks to be ranked 
relative to other risks to help determine risk 
mitigation priority in a consistent manner. 
Individual risks can be plotted on the matrix 
itself to provide a visual representation of their 
relative magnitudes and importance. 

Decision Trees 

Decision trees are used within the risk 
management process for structuring complex 
decisions and identifying the best available 
option. Decision trees capture the logical, 
sequential progression of events that will occur 
during the decision process. The decision tree 
decomposes complex problems into a series of 
smaller, solvable sub-problems. This tool 
provides the decision maker an avenue to 
illustrate the options available in a graphical 
manner. 

Probabilistic Risk Assessment 

Probabilistic Risk Assessment (PRA) is a multi- 
disciplinary method employed to assess factors 
contributing to determine their relative 
significance within a system. The PRA results 
can be used as a powerful decision-making tool 
in support of design, operations, and upgrade 
alternative decisions. The process helps both 
identify potential new risks and analyze existing 
risks. The ISS PRA captures possible accident 
scenarios that lead to several undesired 
consequences called end states. The ISS PRA 
goals are to examine those scenarios that can 
lead to: 

• Catastrophic loss of the Station 

• Loss of a crewmember 

• Loss of a vital Station system 

• Loss or shutdown of a pressurized 
module 

• Situations requiring evacuation 
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Cost & Schedule Risk Coordination 

In identifying and assessing risks, managing 
organizations can use probabilistic cost and 
schedule to deal more effectively with inherent 
cost and scheduling uncertainty. These models 
will also allow managing organizations to more 
effectively consider cost and schedule in 
decisions. 

The cost/budget threats must be coordinated 
effectively with program risks. Cost issues and 
risks must all be tracked and managed together 
in an efficient process. This integrated approach 
should document, rank, review and manage all 
risks including all cost and schedule impacts to 
the program. 
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system-engineering group within the ISS 
Program Office will develop a “forced ranking” 
of all risks considering technical aspects, cost 
and schedule, see Figure 5. 

This team looks at all facets of the risks/threats 
including schedule, technical and costs impacts 
and develop a prioritization list of all 
threats/risk after consulting with ISS Program 
management and all managing organizations. 


CONCLUSION 

ISS program follows integrated risk 
management process (both quantitative and 
qualitative) and is integrated into ISS project 
management. The process and tools are simple 
and seamless and permeate to the lowest levels 
(at a level where effective management can be 
realized) and follows the continuous risk 
management methodology. The risk process 
assesses continually what could go wrong 
(risks), determine which risks need to be 
managed, implement strategies to deal with 
those risks, and measure effectiveness of the 
implemented strategies. The process integrates 
all facets of risk including cost, schedule and 
technical aspects. Support analysis risk tools 
like PR A are used to support programatic 
decisions and assist in analyzing risks. 


Figure 5 Force Rank Process 

A “force ranking” system is used which 
prioritizes all risks/threats relative to program 
importance. This will facilitate a more 
organized and timely review of the risks in the 
program, which may require financial reserves 
to resolve. In addition, this will assist in making 
management decisions that span multiple years 
by ensuring reserves are allocated based on 
multi-year prioritizations. An independent 


Risk Management for the International Space Station Program 


Page 5 


APPENDIX A: Abbreviations and Acronyms 


CRM 

Continuous Risk Management 

ISS 

International Space Station 

IRMA 

ISS Risk Management Application 

LxC 

Likelihood Times Consequence 

MO 

Managing Organization 

NASA 

National Aeronautics and Space Administration 

OA 

Mailcode for International Space Station Program Office 

PRA 

Probabilistic Risk Assessment 

PRAB 

Program Risk Advisory Board 

PRM 

Program Risk Management 

PRMO 

Program Risk Management Office 

RM 

Risk Management 

TPR 

Top Program Risk 

WI 

Watch Item 
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